60 apps Privacy
Miniflux screenshot thumbnail

Miniflux

One statically-compiled Go binary over PostgreSQL, no ORM, no framework, static assets embedded in the executable: Miniflux is the minimalist, opinionated feed reader. The opinions are the feature: page layout, fonts, and colors are tuned for reading, and everything else is treated as noise. It consumes Atom, RSS, and JSON Feed formats with OPML import/export, organizes articles with categories and bookmarks, fetches original full-text content for summary-only feeds, and provides Postgres-powered full-text search. Privacy work happens automatically: pixel trackers are stripped, tracking parameters removed from URLs, a media proxy blocks third-party tracking, referrers are never forwarded, and there is zero telemetry. Navigation is keyboard-first - j/k through items, o to open, f to star - with touch gestures on mobile. Podcast, video, and music enclosures are supported, and YouTube videos play inline. Over 25 integrations save articles onward to Wallabag, Readwise Reader, Pinboard, Linkding, Instapaper, Notion, Telegram, Matrix, Ntfy, and more, plus webhooks and a REST API with Go and Python clients; the Google Reader API endpoint supports existing mobile reader apps. Authentication spans local passwords, passkeys (WebAuthn), Google OAuth2, OpenID Connect, and reverse-proxy headers. It is Apache 2.0 licensed, translated into 20 languages, and updates feeds on an internal scheduler.

Deploy
LibreTranslate screenshot thumbnail

LibreTranslate

Machine translation with no Google, no Azure, no per-character billing, and no text leaving your infrastructure: LibreTranslate is a free, open-source translation API that runs entirely on your own server. The engine underneath is Argos Translate, which runs OpenNMT neural models with SentencePiece tokenization and Stanza sentence-boundary detection, all offline. Models install as portable .argosmodel packages covering dozens of languages - English, Spanish, French, German, Chinese, Japanese, Russian, Arabic, Hindi, Portuguese, and many more - and Argos handles automatic pivoting: with es-to-en and en-to-fr installed, it chains them to translate es-to-fr without a direct model. The API is a straightforward HTTP POST to /translate with source and target language codes, returning JSON - simple enough that the ecosystem has clients in every major language and integrations across tools like Weblate and Mastodon. Beyond plain text it translates HTML while preserving markup and handles whole file uploads (documents in, translated documents out), plus automatic language detection when the source is unknown. A clean bundled web UI serves interactive translation for end users, and optional API keys with rate limits control access. AGPL-licensed and trainable with custom models, it is the standard answer when translation must be private, unmetered, and self-contained - GDPR-sensitive text never touches a third party.

Deploy
Ghostfolio screenshot thumbnail

Ghostfolio

Stocks, ETFs, crypto, bonds, precious metals, and cash across every account and currency, in one privacy-first dashboard: Ghostfolio is open-source wealth management software. The deliberate design decision is no brokerage linking: positions enter by manual entry, CSV import, or the REST API, so your holdings never pass through a data aggregator. Performance is measured as return on average investment across Today, WTD, MTD, YTD, 1Y, 5Y, and Max timeframes, with benchmark comparison against indices like the S&P 500, dividend tracking, and allocation breakdowns by asset class, region, and sector. A static X-ray analysis flags concentration and other portfolio risks, and a FIRE calculator projects progress toward financial independence. Multi-currency support converts holdings using historical exchange rates, market data comes from Yahoo Finance and CoinGecko among other pluggable providers, and everything exports back out as CSV or JSON. Built with Angular and NestJS on PostgreSQL and Redis, shipped as Docker images for amd64 and ARM, with a mobile-first PWA interface, dark mode, and a distraction-free Zen mode. AGPL-licensed.

Deploy
Actual Budget screenshot thumbnail

Actual Budget

Every unit of income gets a job in Actual Budget - a local-first personal finance app built on envelope (zero-sum) budgeting, where you can only budget cash you actually have, which keeps the plan honest by construction. The data model is a SQLite file that lives on your device and works fully offline; the self-hosted Node.js sync server adds background multi-device synchronization using CRDT-based distributed-systems machinery, browser and mobile access as an installable web app, and automated backups. Optional end-to-end encryption makes the synced data unreadable even to the server hosting it. Transactions enter three ways: manual entry, file import (CSV, QIF, OFX, QFX, CAMT.053), or automatic bank syncing through GoCardless for EU/UK banks and SimpleFIN for US/Canada. Built-in YNAB4 and nYNAB importers migrate complete budget histories, and reports, schedules for recurring transactions, and rule-based transaction cleanup handle the day-to-day. A fully featured local API lets developers script custom importers and automation against their own data. 100% free, open source, and 26k stars strong.

Deploy
BentoPDF screenshot thumbnail

BentoPDF

Merge, split, compress, convert, edit, annotate, redact, OCR, and sign PDFs - BentoPDF packs over 130 tools into a privacy-first toolkit that runs entirely in the browser through WebAssembly. Files are never uploaded - processing happens in browser memory on the user's machine and disappears when the tab closes, which makes the tool GDPR-clean by architecture and safe for financial, legal, and internal documents. The engine combines WASM builds of PyMuPDF, Ghostscript, and CoherentPDF; Tesseract handles OCR with searchable text-layer output; Office conversions cover Word, Excel, and PowerPoint; and digital signatures use X.509 certificates (PFX/PEM) with the private key staying on the client. Because there is no server-side processing, deployment is a static-file exercise: a single Docker container, or any static host. A dedicated self-hosted build strips the marketing pages while keeping every tool, and air-gapped deployments are first-class - an automated script bundles the WASM modules, OCR language data, and fonts for fully offline networks. No accounts, no limits, no watermarks; TypeScript and Vite under the hood.

Deploy
SearXNG screenshot thumbnail

SearXNG

Up to 280 search services - Google, Bing, DuckDuckGo, Brave, Qwant, Startpage - aggregated without tracking or profiling: SearXNG is a privacy-respecting metasearch engine (AGPL-3.0, successor to Searx). Your instance queries the upstream engines on your behalf: your IP address, cookies, and search history never reach them, tracker parameters are stripped from result URLs, and an optional image proxy fetches thumbnails server-side so result pages leak nothing. It can even route outbound queries through Tor for full anonymity. Search is organized into categories - general, images, videos, news, maps, music, IT, science, files - with bang shortcuts for targeting specific engines, and every source can be enabled, disabled, or weighted per category in settings.yml. A plugin system adds calculators, hash tools, tracker removal, and unit conversions inline, and preferences (themes, safe search, languages, engine selection) persist in cookies rather than server-side accounts. The real argument for running your own instance rather than trusting a public one is control: you decide the logging policy (none), the engine mix, rate limiting, and who gets access - making it the default search backend for browsers, families, and teams that want Google-quality results without the profile.

Deploy
Plausible screenshot thumbnail

Plausible

Built as a direct rejection of the adtech model, Plausible is the best-known privacy-first web analytics tool - lightweight, cookie-free, and open-source. It sets no cookies and stores no personal data: unique visitors are counted via a hash of IP plus User-Agent that rotates every 24 hours and is never stored raw, so no consent banner is required and GDPR compliance is structural rather than contractual. The tracking script is under 1 KB - orders of magnitude lighter than GA - and the dashboard is a deliberate contrast to GA4's sprawl: one fast-loading page with visitors, sources, top pages, countries, devices, and UTM breakdowns, filterable by any dimension. Custom events and goals track signups and clicks, Google Search Console integration pulls in search queries, scheduled email reports keep stakeholders updated, and the Stats API (v2) plus CSV export feed data anywhere. This is the AGPL-licensed Community Edition, the same Elixir codebase that powers Plausible's cloud service, running as three containers: the web app, PostgreSQL for accounts, and ClickHouse for event storage - which means self-hosters get direct SQL access to raw analytics data the cloud version never exposes. Traffic data stays entirely on your server, with no visitor caps or per-pageview pricing.

Deploy
Monica screenshot thumbnail

Monica

Take the tool sales teams use to never forget a client detail and point it at the people who actually matter - friends, family, the colleague whose kid's name you keep blanking on: Monica is a personal CRM. It's a Laravel/PHP application over MySQL where each contact accumulates the texture of a real relationship: how you met, family members and pets, work changes, addresses, notes from conversations, activities done together, gift ideas and gifts given, even debts owed in multiple currencies. Two features set it apart from every contact app. Reminders with staying power: set per-contact intervals (weekly through yearly), get notified at 30 days, 7 days, and day-of, with automatic birthday reminders and CalDAV sync to your calendar. And a journal linked to contacts: write about dinner with friends, tag each person, and build a timeline that's part diary, part relationship log - plus a daily "how was your day" rating. Monica is deliberately manual and deliberately private: no social network features, no AI, no email scraping, no ads, no analytics - a quiet database of what you know about people you love, on your own server. Multiple vaults and users, labels, custom activity types, and document/photo uploads round it out. AGPL-licensed.

Deploy
Collabora Office screenshot thumbnail

Collabora Office

Real LibreOffice document engineering in the browser: Collabora Online is built by the company employing much of the former SUSE LibreOffice team - not a reimplementation. This deployment runs CODE (Collabora Online Development Edition), the collabora/code server that renders and edits documents entirely server-side while browsers get high-fidelity WYSIWYG output, so layout and formatting survive round-trips that break lesser converters. Four editors ship in one container: Writer for text documents (comments, track changes with comparison and restoration, form handling), Calc for spreadsheets (advanced formulas, macros, pivot tables, per-user sheet views, server-enforced cell protection), Impress for presentations, and Draw for Visio-class diagrams. Format compatibility spans DOCX, XLSX, PPTX, the ODF family, PDF, and dozens more - including Visio and Publisher import. Real-time collaborative editing supports multiple simultaneous editors with visible cursors and commenting. The architectural point: documents are processed on your server and never leave it, which is why Collabora is the engine behind Nextcloud Office and integrates with ownCloud, Seafile, and any WOPI-speaking host - or embeds in your own application via the SDK. An admin console monitors sessions and memory. For organizations that need Google Docs-style collaboration with actual data sovereignty, this is the reference open-source answer.

Deploy
Roundcube screenshot thumbnail

Roundcube

Two decades of continuous development made Roundcube the standard-bearer of open-source webmail - a PHP IMAP client that gives any mail server a polished, application-like interface in the browser. It connects to whatever IMAP/SMTP stack you run - Dovecot, Postfix, a hosted mailbox - and delivers the full desktop-client experience: drag-and-drop message management, threaded conversation views, full MIME and HTML mail handling, find-as-you-type address book with groups and LDAP connectors, multiple sender identities, full-text search, and spell checking in dozens of languages. The default Elastic skin is genuinely responsive, working as well on a phone as a desktop, and the entire UI is skinnable. The plugin API is where deployments get shaped: managesieve exposes server-side filter management in the UI, enigma brings PGP encryption and signing via GnuPG, markasjunk trains spam filters, zipdownload batches attachments, password lets users change credentials, and attachment_reminder catches the classic forgotten-attachment email - among hundreds of community plugins. Built-in caching keeps large mailboxes fast, IMAP ACLs and shared folders support team setups, and XSS protection is engineered into the rendering pipeline. It scales from a single personal mailbox to unlimited users, backed by MySQL, MariaDB, PostgreSQL, or SQLite. GPL-licensed with regular security releases.

Deploy
Password Pusher screenshot thumbnail

Password Pusher

Credentials sitting forever in email threads and chat scrollback - Password Pusher solves that everyday security failure. Instead of pasting a password into Slack, you push it - a password, note, file, URL, or QR code - and share a unique one-time link that expires after a set number of views, a time limit, or both. Content is encrypted at rest with AES-GCM under a configurable master key, optionally guarded by a passphrase, and permanently deleted from the database the moment it expires; a retrieval-step option keeps URL-scanning bots from consuming views. Full audit logs record when each link was created and viewed (and by whom, with logins), and TOTP two-factor authentication can be required instance-wide. The delivery page is deliberately unbranded - no logos or confusing links for recipients - and the interface ships in 31 languages with light and dark themes. Automation runs through a JSON API (v2), an official CLI for pushing and expiring secrets from the terminal, a Chrome extension, and a catalog of third-party integrations. Apache-2.0 licensed Ruby on Rails, deployable via Docker, Kubernetes, or Helm, with SQLite or PostgreSQL storage - the sysadmin staple for sending credentials that clean up after themselves.

Deploy
Matomo screenshot thumbnail

Matomo

Several EU data protection authorities have ruled Google Analytics deployments unlawful; Matomo (formerly Piwik) is the most complete open-source replacement - a full analytics platform with 30+ report types across visitors, actions, referrers, goals, and ecommerce. The self-hosted PHP/MySQL edition is free and keeps every byte of visitor data on your infrastructure, which matters more each year: several EU data protection authorities have ruled Google Analytics deployments unlawful, while Matomo configured for cookieless tracking is approved by France's CNIL for use without a consent banner. All reporting runs on 100% unsampled data - no extrapolation at high traffic volumes. The GDPR Manager handles data subject requests and deletion, with IP anonymization, retention controls, and Do Not Track support built in. A dedicated importer pulls your historical Google Analytics data so years of trends survive the migration. Core analytics cover campaigns, custom variables and dimensions, entry/exit pages, downloads, site search, and full ecommerce tracking with a comprehensive HTTP API for reporting and ingestion. Premium plugins extend the platform into Hotjar-class behavioral tooling - click and scroll heatmaps, session recordings, conversion funnels, form analytics, A/B testing - plus a tag manager and SAML SSO. For teams that need GA-equivalent depth with actual data ownership, Matomo is the realistic drop-in replacement.

Deploy
Jirafeau screenshot thumbnail

Jirafeau

Upload a file, get a unique download link and a separate delete link - Jirafeau has done exactly this one thing since 2008. It is plain PHP with no database, no mail server, no JavaScript framework, and no external dependencies - files and metadata live on the filesystem, which is why it runs on nearly anything and why it has outlasted most of its imitators. Uploads use the HTML5 file API, so PHP's post_max_size ceiling does not constrain file size, with live progress showing speed, percentage, and time remaining. Every upload takes options: expiration from one minute to a year to unlimited, self-destruct after first download, and password protection with configurable policy - passwords can be optional, required, or server-generated with complexity rules. Server-side encryption (modern builds use XChaCha20-Poly1305) stores files encrypted at rest with the decrypt key embedded only in the download URL, never on the server, so a compromised host cannot read the contents. Unencrypted deployments get file-level deduplication - identical files stored once with multiple links. Upload access can be gated by password lists or IP allowlists, a small admin panel manages stored files, and a CLI cleanup script handles expired files via cron. Recipients can preview supported files in-browser.

Deploy
KeeWeb screenshot thumbnail

KeeWeb

Your KeePass vaults, opened from any browser: KeeWeb reads, edits, and creates standard KDBX files, so it works with the same databases as KeePass and KeePassXC without conversion or lock-in. Self-hosting the web app gives you a password manager reachable from any modern browser, including mobile, with no client installation and no third-party cloud in the loop. All KDBX cryptography runs client-side; the server just serves the static app. Open multiple vault files simultaneously and search them all from one box, with advanced options covering specific fields, password history, and regular expressions. Vaults load from local files, your own server (WebDAV), or Dropbox, Google Drive, and OneDrive, with automatic sync - and files are cached for offline use, so a dropped connection never locks you out; changes resync once you're back online. Day-to-day niceties include a configurable password generator, protected fields that stay masked and are held in memory more defensively, entry history, tags with easy input, drag-and-drop attachments, and per-entry icons with favicon fetching. The optional KeeWeb Connect extension (Chrome, Firefox, Edge, Safari) autofills credentials using the keepassxc-protocol. MIT-licensed with matching desktop apps for macOS, Windows, and Linux.

Deploy
Cusdis screenshot thumbnail

Cusdis

Comments for small sites without Disqus's baggage: Cusdis is a lightweight, privacy-first, open-source comment system for embedding under blog posts and articles. The embedded JavaScript SDK is about 5 KB gzipped (Disqus is roughly 24 KB), sets no cookies, runs no tracking, and does not require readers to create an account or sign in before commenting. Integration is two lines: a container div with your app ID and an async script tag, with ready-made adapters for common frameworks and static site generators. Moderation is approval-based - new comments stay hidden until you approve them from the dashboard, and email notifications include a Quick Approve link that approves or replies to a comment from your phone without logging in. A webhook fires on every new comment for integrations like Telegram notifications. The widget ships with built-in i18n and dark mode. The stack is TypeScript and Next.js with a Prisma data layer, deployable via Docker with PostgreSQL. Deliberately minimalist: no ads, no reader profiling, and your comment data lives in your own database.

Deploy
Umami screenshot thumbnail

Umami

No cookies, no fingerprinting, no cross-site tracking, no personal data collection - Umami's privacy contract is the foundation of the open-source web analytics platform. IP addresses are hashed rather than stored, which makes it GDPR, CCPA, and PECR compliant by default - the consent banner can come off the site entirely. The tracking script is under 2 KB, roughly 20x smaller than Google Analytics, so measurement stops being a page-weight tax. The dashboard covers the core metrics - pageviews, visitors, bounce rate, visit duration, referrers, browsers, devices, and countries - with any date range and filtering by country or device. Beyond pageviews, custom events track clicks, form submissions, and signups via a data attribute or one JavaScript call, and advanced reports add funnels, user journeys, retention and cohort analysis, goals, and automatic UTM campaign tracking. Anonymous session views show individual visitor activity without identifying anyone. Teams share websites with role-based access, one instance manages unlimited sites, and a full REST API exposes every metric programmatically. MIT-licensed and self-hosted on PostgreSQL or MySQL via Docker, your analytics data never leaves your infrastructure.

Deploy
Vaultwarden screenshot thumbnail

Vaultwarden

The Bitwarden server, reimplemented in Rust: Vaultwarden (formerly bitwarden_rs) is the unofficial lightweight edition. It speaks the same wire protocol as the official server, so every official Bitwarden client - browser extensions, iOS, Android, desktop, and the bw CLI - connects without modification, while the server itself runs as a single container against SQLite (or MySQL/MariaDB/PostgreSQL) instead of the official multi-container stack that wants gigabytes of RAM. Features Bitwarden gates behind paid tiers ship free: organizations with collections, groups, member roles, and policies; TOTP code storage; file attachments; Bitwarden Send; Emergency Access; event logs; and admin password reset. Two-factor options cover authenticator apps, email, FIDO2 WebAuthn, YubiKey, and Duo, and OIDC-based SSO landed natively in v1.35.0. Zero-knowledge encryption is unchanged - vault data is encrypted client-side and the master password never reaches the server. Attachments and Sends store on local disk or S3-compatible backends, an admin panel manages users and server settings, and backup is copying one data directory. Suited to individuals and teams up to roughly 50 users.

Deploy
Joplin screenshot thumbnail

Joplin

Notes on Windows, macOS, Linux, Android, iOS, and the terminal, synced through your own server: Joplin pairs its open-source clients with Joplin Server, the official self-hosted backend that replaces Dropbox, OneDrive, or Nextcloud as the synchronization target. Notes are Markdown with inline attachments (images, PDFs, audio), organized into hierarchical notebooks and sub-notebooks with cross-cutting tags, alongside to-do lists with reminders and alarms. End-to-end encryption is the headline feature: enabled in the clients, it encrypts sync payloads on-device before upload, so the server stores blobs it cannot read - genuine protection even if the host is compromised. The desktop app offers both Rich Text and Markdown editors, extended by a plugin ecosystem, custom themes, and an Extension API for writing your own scripts; a Web Clipper for Chrome and Firefox captures full pages or screenshots straight into notebooks. Joplin Server ships as a Docker image with SQLite for evaluation and PostgreSQL for production, offers a filesystem storage driver for large content, and includes multi-user support and note sharing - all free under AGPL-3.0 when self-hosted. Notes stay in an open format, so the exit path always exists.

Deploy